password hashing algorithms

Perderabo · June 22, 2011, 3:56pm

I'm collecting some info on the password hashing algorithms in use on various Unix systems. So far I have:

no $  legacy unix crypt
$1$   MD5
$2$   Blowfish on BSD
$2a$  alternate Blowfish on BSD
$md5$ Sun's alternate MD5
$3$   a Microsoft hash
$4$   not used?
$5$   RedHat proposed Sha-256
$6$   RedHat proposed Sha-512

Does anyone have any more info? I'm particularly interested in what happened to $4$ and some info on which Microsoft hash is represented by $3$. And I would be interested to learn about any algorithms I missed.

jim_mcnamara · June 22, 2011, 5:03pm

Very minor addition:

Solaris 10:
etc/security/crypt.conf can have:
1 crypt_bsdmd5.so.1 crypt_bsdmd5 compatible with md5crypt on BSD and Linux systems.

2a crypt_bsdbf.so.1 blowfish

md5 crypt_sunmd5.so.1 MD5 variant

jtwcarboy · June 28, 2011, 4:18pm

Here are some more, Default on RHEL6 is SHA512

md5 - when a user changes their password next, encrypt it with the md5 algorithm.
sha256 - when a user changes their password next, encrypt it with the sha256 algorithm.
sha512 - when a user changes their password next, encrypt it with the sha512 algorithm.
bigcrypt - when a user changes their password next, excrypt it with the DEC C2 - algorithm(0).

If you need to change this in rhel then use /etc/sysconfig/system-auth, be carefull